<?php
ob_start();
?>
<?php
include ('encabezado.php');
?>
<form action="" method="POST">
	<div id="header">
	Old password: <input type="password" name="oldpass" /><br>
	New password: <input type="password" name="npass" /><br>
	Confirm password: <input type="password" name="cpass" /><br>
	<input type="submit" value="Change" />
	<input type="hidden" value="true" name="submit" /> 
	</div>
	
<?php
		if(connectBD($ip, $userdb, $passworddb, $db))
    {
        if (isset($_POST['submit']))
        {
          $oldpass = md5($_POST['oldpass']);
          $npass = md5($_POST['npass']);
          $cpass = md5($_POST['cpass']);
          $query = ("SELECT Password FROM Users WHERE Name = '$sesionuser'");
          $res = mysql_query($query);
          
          while ($row = mysql_fetch_assoc($res))
          {
            $pass = $row['Password'];
					 }
    
          if ($pass == $oldpass)
          {
            if ($npass == $cpass)
            {
              $query2 = ("UPDATE Users set Password='$npass' WHERE Name='$sesionuser'");
              mysql_query($query2);
              echo "Changed";
            }
            else 
            {
              echo "The new password confirmation don't match";
            }
					}
          else 
          {
            echo "The new and current password don't match";
          }
        }
    }
?>
	
</form>
<?php
include ('pie.php');
?>
<?php
ob_end_flush();
?>